System Center 2012 R2 Configuration Manager Application Strategy

  • Article

What is your application delivery strategy when using SCCM? I have seen a variety of approaches and most require manual interaction by IT staff and wait times for the users. Personally I see SCCM as a background tool used for automation. The following is one way to automate application delivery, lighten the load on IT and empower our users to have the right applications for their job. The basic idea uses 3 layers for app delivery:

 

Layer 1 – Enterprise wide software.

What does everyone in the organization receive? This is your imaging process for new computers or a refresh of an existing computer. Identify the OS and apps that all machines would get no matter which department it eventually goes to. For example:

    • Windows 7 Operating System with latest updates, configured for the organization

    • Microsoft Office 2013 with latest updates and customized for the org

    • SCCM Agent with Endpoint Protection (Antivirus)

    • Adobe Acrobat Reader 10

    • Java, Netflix, etc.

It is up to you if you use a thin, thick or hybrid image in your OSD Task Sequence, but I am a fan of a thin hybrid image with apps that do not change very often, such as a Windows 7 image with Office 2013 installed with the latest updates for both inserted into the WIM offline each month using SCCM. Install the other apps during the SCCM OSD Task Sequence.

 

Layer 2 – Department level applications.

What apps do each department require? And divisions within departments? For example, the Human Resources department might have a Recruitment division, a Benefits division, a Wellness division, all with separate applications, but still under the HR department. Identifying these will be a bit of a project, but well worth the effort in the end.

Create Active Directory Groups for the different departments and divisions. User accounts are placed in the appropriate groups according to job role and responsibilities. This should be a defined process when a new employee is coming on board or is changing departments.

In SCCM, create User Collections that automatically update from the AD Groups that represent the different departments. When a new employee is added to the AD groups, they will automatically be added to the proper Collection.

Deploy the appropriate applications to the corresponding Collections and the users’ primary computer will automatically receive the right app according to their AD Group and role. Notice this embraces the User Centric Model for application delivery, so you need to use User Device Affinity to associate a user with a device. This can be done during the task sequence or predefined in the console.

This also opens up the new Deployment Type model, so when you create an application you create an installer for a computer, installers for the various phones out there, an App-V version, etc. I'll have another blog about the application deployment type strategy. 

Layer 3 – Individual Applications

Publish apps to the Application Catalog that are needed by users across different departments and don’t fit neatly into the first 2 layers. Users can browse to the App Catalog and install or request apps as needed without phoning the helpdesk.

 

Summary

The first 2 layers should cover 95% of your companies applications and the remaining ones that don't fit nicely into specific departments are covered by layer 3 and the app catalog. This automates almost the entire process once a user is put into the appropriate AD Groups and empowers the user to install their own missing apps.